ISC 404 - Lesson 9 - Presentation1

This lesson covers the security of digital libraries, emphasizing the importance of protecting information and infrastructure from various security threats, including hacking and cracking. It outlines the differences between digital security and cyber security, as well as the CIA triad (confidentiality, integrity, availability) as key components of information security. Additionally, it discusses security measures, the architecture of digital libraries, and the challenges faced in ensuring user privacy and data protection.

Uploaded by

ngesapeter975
Copyright © All Rights Reserved

LESSON 9: SECURITY OF DIGITAL LIBRARIES

•9.1 Introduction
•Digital libraries are storehouses of information, and it is important to ensure the
safety of the information they hold and of the equipment. The purpose of this lesson is
to enable you to understand the measures to put in place to ensure the security of
digital libraries.

•9.2 Lesson Learning Outcomes
•By the end of this lesson, you will be able to:
•9.2.1 Explain the concept of security in digital libraries
•9.2.2 Explain the types of security threats in a digital library
•9.2.3 Explain the security measures for digital libraries
What is Digital Security?
• Digital security is the collective term that describes the resources
employed to protect your online identity, data, and other assets.
• These tools include:
• web services,
• antivirus software,
• smartphone SIM cards,
• biometrics, and
• secured personal devices.
• In other words, digital security is the process used to protect
your online identity, data and other assets from unauthorized
access.
What’s the Difference Between Digital Information Security and Cyber Security?

• You may have heard the term “cyber security” as an emotive topic.
• That’s hardly surprising since illegally accessing someone’s data,
identity, or financial resources is called a “cybercrime,” which in turn
creates a need for cyber security.
• Yet, there’s a difference between digital security and cyber security.
• Digital security involves protecting your online presence (data,
identity, assets).
• At the same time, cyber security covers more ground, protecting
entire networks, computer systems, and other digital components,
and the data stored within from unauthorized access.
• You could make a case for calling digital security a sub-type of cyber
security.
What’s the Difference Between Digital Information Security and Cyber Security?

•Many professionals use the two terms interchangeably, but in reality,
•digital security protects information, and
•cyber security protects the infrastructure, all systems, networks,
and information.
What is library security?
Library security is a broad term and can be defined as
‘the arrangements provided for safe and secure facilities for library staff, library resources,
equipment, and library users.’
It is also important that these security systems should perform their functions as seamlessly as
possible, without interfering with the primary objective of any library i.e., providing user services
with ease and simplicity.
It includes:
1) protection of personnel (both staff and users),
2) collections,
3) equipment,
4) physical facilities, and
5) information from harms such as mutilation, theft, physical attack, accidental damage, and
acts of God.
•9.2.1 Concept of security threats in digital libraries
1) Security is an important aspect when a digital library is
being designed.
2) Many security threats exist, and such threats to the integrity
of a digital library may arise from human-related activities
like hacking or cracking (trying to get into a computer
system to steal, corrupt or view data when you are
not authorized).
3) That makes it necessary for library administrators to
restrict access to the content.
4) They can also arise from destructive programs such as
viruses, which can damage the functioning of a computer,
and worms, in which case antivirus software can be used.
•What is Cracking?
•What is hacking?
•Whereas hacking is the process of intruding into computer systems without
authorization in order to gain access to them, for good or bad purposes,
•Cracking is the same practice, though with criminal intention.
•What is Hacking?

•Any attempt to intrude into a computer or a network without authorization is called hacking.
•This involves changing system or security features in a bid to accomplish a goal that differs from the
intended purpose of the system.
•It can also refer to non-malicious activities, usually involving unusual or improvised alterations to
equipment or processes.

•An individual who engages in hacking activities is known as a hacker, and some companies
employ hackers as part of their support staff.
•These kinds of hackers use their skills to find flaws in the company security system, to prevent identity
theft and other computer-related crimes against the company.

•There are various kinds of hackers: the most common are white hats, black hats and grey hats.

1) White hats hack to check their own security systems to make them more hack-proof. In most cases, they
are part of the same organisation.
2) Black hat hackers hack to take control over the system for personal gains. They destroy, steal and
even prevent authorized users from accessing the system, by finding loopholes and weaknesses in the
system.
3) Grey hat hackers comprise curious people who have just about enough computer language skills to
enable them to hack a system to locate potential loopholes in the network security system. They then
•What is Cracking?
•Whereas hacking is the process of intruding into computer systems without authorization in order to
gain access to them, for good or bad purposes, cracking is the same practice, though with
criminal intention. However, cracking is generally less harmful than hacking.
•A cracker is someone who breaks into a network; bypasses passwords or licenses in computer
programs; or in other ways intentionally breaches computer security.

•Crackers also act as Black Hats: by gaining access to the accounts of people maliciously and
misusing this information across networks.
•They can steal credit card information, they can destroy important files, disclose crucial data and
information or personal details and sell them for personal gains.

•There are various types of crackers that include script kiddies, packet monkeys, s’kiddiots,
lamers, warez d00dz, and wannabes.
•Some of the characteristics of crackers include:
1) Less skilled and do not possess necessary in-depth knowledge about programming and codes.
2) Always rely on the software tools created by others to carry out their operations.
3) They only know the process of cracking the security networks and they lack the advanced
knowledge.
•The difference between hacking and cracking
•The basic difference is that a hacker uses their extensive
knowledge of computer logic and code, while a cracker
looks for back doors in programs and exploits those back
doors.
•Hackers break into security systems for the sole
purpose of checking for holes in the system and work on
rectifying these, whereas the cracker breaks into the
security system for criminal and illegal reasons or for
personal gain.
•9.2.2 Security Threats in digital libraries
•Security threats in a digital library can be categorized as:
1. Physical attacks – These types of attacks mostly target
hardware and software.
2. Logical attacks – These types of attacks, on the other hand,
target the content or the software.
Security threats can also arise from destructive programs such as
viruses, which can damage the functioning of a computer, and
worms, in which case antivirus software can be used.

•Generally, considering the security risks, it is of paramount
importance that librarians ensure that the content placed on the
network is only that which can be shared with the general public.
•9.2.2 Security measures for digital libraries
•It is important to protect the information and the infrastructure in the digital libraries.
i) Content
• The content should be protected so as to maintain its integrity. This should be done by
ensuring access control so that no unauthorized person can access the information.
• Anyone who is not authorized should not be allowed access
• Users should be authenticated
• Ensure each user accesses only what they have a right to

ii) Hardware Security
• This includes computers and accessories, printers, etc.
• Keep in secure rooms
• Control movement to deter theft
• Could have CCTV cameras
iii) Network security
• Ensure the networking infrastructure and the data are well protected. If the
network is wired, do not allow users to install unauthorized network gadgets.
• Invest in wireless security so as to maintain the integrity of the content

iv) Database security
• Ensure only authorized people can log in
• Staff should be allocated rights as per their roles, i.e. who can see or edit what
• It is important to install a tracking feature to know when the database was accessed, by whom, and
who made any changes.

v) User’s privacy should be protected.
• Have features for identifying and authenticating users, e.g. passwords
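A sketch of the database security measures listed under iv): only authenticated users get a session, rights follow the role, and every access or change is recorded with who and when. This is an added example, not part of the original lesson; the role names, user names and the `LibraryDatabase` class are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets
from datetime import datetime, timezone

# Constructed role table (an assumption): what each role may do to a record.
ROLE_RIGHTS = {
    "patron": {"view"},
    "cataloguer": {"view", "edit"},
}


def _hash_password(password, salt):
    # Salted, slow hash so the stored value does not reveal the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LibraryDatabase:
    def __init__(self):
        self._users = {}     # username -> (salt, password hash, role)
        self._sessions = {}  # session token -> username
        self._records = {}   # record id -> title
        self.audit_log = []  # append-only: (time, user, action, record, outcome)

    def _log(self, user, action, record_id, outcome):
        when = datetime.now(timezone.utc).isoformat()
        self.audit_log.append((when, user, action, record_id, outcome))

    def add_user(self, username, password, role):
        if role not in ROLE_RIGHTS:
            raise ValueError(f"unknown role: {role}")
        salt = os.urandom(16)
        self._users[username] = (salt, _hash_password(password, salt), role)

    def login(self, username, password):
        """Return a session token, or None if authentication fails."""
        entry = self._users.get(username)
        if entry and hmac.compare_digest(entry[1], _hash_password(password, entry[0])):
            token = secrets.token_hex(16)
            self._sessions[token] = username
            self._log(username, "login", None, "ok")
            return token
        self._log(username, "login", None, "denied")
        return None

    def _authorize(self, token, action, record_id):
        user = self._sessions.get(token)
        role = self._users[user][2] if user else None
        if role is None or action not in ROLE_RIGHTS[role]:
            # Denied attempts are logged too: they are what a reviewer looks for.
            self._log(user, action, record_id, "denied")
            raise PermissionError(f"{action} not permitted")
        self._log(user, action, record_id, "ok")
        return user

    def view(self, token, record_id):
        self._authorize(token, "view", record_id)
        return self._records.get(record_id)

    def edit(self, token, record_id, title):
        self._authorize(token, "edit", record_id)
        self._records[record_id] = title

    def history(self, record_id):
        """Who touched this record, with what action and outcome, oldest first."""
        return [(u, a, o) for _, u, a, r, o in self.audit_log if r == record_id]


if __name__ == "__main__":
    db = LibraryDatabase()
    db.add_user("asha", "constructed-password-1", "cataloguer")  # constructed users
    db.add_user("ben", "constructed-password-2", "patron")
    staff = db.login("asha", "constructed-password-1")
    db.edit(staff, "rec-1", "Thesis 2021")
    print(db.history("rec-1"))
```
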
• What is the CIA triad?
• When we discuss data and information, we must
consider the CIA triad.
• The CIA triad refers to an information security model
made up of the three main components:
1) confidentiality,
2) integrity and
3) availability.
Each component represents a fundamental objective of
information security.
• The three components of the CIA triad are discussed below:
1) Confidentiality: This component is often associated with secrecy and the
use of encryption.
Confidentiality in this context means that the data is only available to
authorized parties.
When information has been kept confidential it means that it has not been
compromised by other parties;
confidential data are not disclosed to people who do not require them or
who should not have access to them.
Ensuring confidentiality means that information is organized in terms of who
needs to have access, as well as the sensitivity of the data.
A breach of confidentiality may take place through different means, for
instance hacking or social engineering.
2) Integrity: Data integrity refers to the
certainty that the data is not tampered with or
degraded during or after submission.
It is the certainty that the data has not been
subject to unauthorized modification, either
intentional or unintentional.
There are two points during the transmission
process during which the integrity could be
compromised:
a)during the upload or transmission of data or
b)during the storage of the document in the
database or collection.
3) Availability: This means that the information is
available to authorized users when it is needed.
For a system to demonstrate availability, it must
have properly functioning computing systems,
security controls and communication channels.
Systems defined as critical (power generation,
medical equipment, safety systems) often have
extreme requirements related to availability.
These systems must be resilient against cyber threats and have
safeguards against power outages, hardware failures and
other events that might impact the system
availability.
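The two integrity checkpoints named under 2) above, during upload and during storage, can each be covered by a digest check. The following is an added example, not part of the original lesson; the `Repository` class, the shared upload key and the file names are assumptions made for illustration.

```python
import hashlib
import hmac


def upload_tag(key, name, data):
    # Keyed tag computed by the sender; without the key, someone who alters the
    # bytes in transit cannot produce a matching tag.
    return hmac.new(key, name.encode() + b"\x00" + data, hashlib.sha256).hexdigest()


class Repository:
    def __init__(self, key):
        self._key = key
        self.store = {}     # name -> stored bytes (stands in for the file store)
        self.manifest = {}  # name -> SHA-256 at ingest; keep it apart from the store

    def ingest(self, name, data, tag):
        """Point (a): accept an upload only if it arrived unmodified."""
        if not hmac.compare_digest(upload_tag(self._key, name, data), tag):
            return False
        self.store[name] = data
        self.manifest[name] = hashlib.sha256(data).hexdigest()
        return True

    def fixity_check(self):
        """Point (b): compare every stored item with the digest taken at ingest."""
        report = {}
        for name, expected in self.manifest.items():
            data = self.store.get(name)
            if data is None:
                report[name] = "missing"
            elif hashlib.sha256(data).hexdigest() != expected:
                report[name] = "modified"
            else:
                report[name] = "ok"
        # Items present in the store but never ingested are also a finding.
        for name in self.store.keys() - self.manifest.keys():
            report[name] = "unregistered"
        return report


if __name__ == "__main__":
    key = b"constructed-shared-key"          # constructed sample key
    repo = Repository(key)
    doc = b"Annual report 2020"              # constructed sample document
    print(repo.ingest("report.pdf", doc, upload_tag(key, "report.pdf", doc)))
    repo.store["report.pdf"] = b"Annual report 2O20"  # simulate change in storage
    print(repo.fixity_check())
```
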
• Social engineering is the term used for a broad range of
malicious activities accomplished through human
interactions. It uses psychological manipulation to trick users
into making security mistakes or giving away sensitive
information.
• Social engineering attacks happen in one or more steps.
A perpetrator first investigates the intended victim to
gather necessary background information, such as
potential points of entry and weak security protocols,
needed to proceed with the attack.
• Then, the attacker moves to gain the victim’s trust and
provide stimuli for subsequent actions that break
security practices, such as revealing sensitive
information or granting access to critical resources.
Stability, availability and security
1) Availability is a major challenge in collaborative environments, as such environments
must be stable and continually maintained. Such systems must also allow users to
access required information with little waiting time. Redundant systems may be in place
to offer a high level of fail-over. The concept of availability can also refer to the usability
of a system.
2) Information security refers to the preservation of integrity and secrecy when
information is stored or transmitted. Information security breaches occur when
information is accessed by unauthorized individuals or parties. Breaches may be the
result of the actions of hackers, intelligence agencies, criminals, competitors, employees
or others. In addition, individuals who value and wish to preserve their privacy are
interested in information security.
3) The CIA triad describes three crucial components of data and information protection
which can be used as guides for establishing the security policies in an organization.
4) Establishing and maintaining the organization’s security policies can be a daunting task
but using the three-pillared strategic approach to cyber security can help you identify
and manage cyber security risks in a methodic and comprehensive manner.
What is Data Security?
• Data security is a collection of principles and technologies that safeguard data
against deliberate or inadvertent damage, modification, or disclosure. The
protection of data can be implemented by a variety of technologies and
techniques, including administrative controls, physical safety, logical checks,
organization, and other safeguarding techniques that limit access to unauthorized
or malicious users or processes.
• Why is Data Security Important?
• The data generated, compiled, stored, and shared by your organization is a
precious commodity. Protecting the business from corruption and unauthorized
internal or external access would avoid financial loss, damage to credibility,
deterioration in customer trust, and brand degradation. In addition, legislation
from the government and industry on data protection makes it necessary for your
organization to follow and enforce these laws in any sector in which you do business.
Security and Privacy in Digital Libraries:
1) Technological advances have led to the creation of digital libraries over the past
decade or so.
2) These offer valuable opportunities for convenient access to information and
data, regardless of an individual’s location.
3) For librarians though, the transition from physical to digital library collections
brings many new challenges, not least in the areas of security and privacy.
4) The purpose of this lesson is to examine the nature of these challenges and the
opportunities available for overcoming them, so that libraries can continue to fulfill
their important role of providing:
a) Accurate,
b) Secure and
c) Timely information to users, while protecting their privacy and the
confidentiality of their personal information.
Security and Privacy in Digital Libraries
• Security is an important issue in digital library design.
• Security weaknesses in digital libraries, coupled with attacks or other types of
failures, can lead to confidential information being inappropriately accessed, or loss
of integrity of the data stored.
• These in turn can have a damaging effect on the trust of publishers or other content
providers, can cause embarrassment or even economic loss to digital library owners
and can even lead to pain and suffering or other serious problems if urgently
needed information is unavailable.
• There are many security requirements to consider because of the variety of
different actors working with a digital library. Each of these actors has different
security needs.
• Thus, a digital library content provider might be concerned with protecting
intellectual property rights and the terms of use of content, while a digital library
user might be concerned with reliable access to content stored in the digital library.
Security Architecture of a Digital Library
• Requirements based on these needs sometimes are in conflict, which can make the
security architecture of a digital library even more complex.
• The design of the security architecture of a digital library must go beyond simply adding
one or a few modules to a previously designed system. This is because there may be
security holes in pre-existing modules, and because difficulties can arise when attempting
to integrate the modules. The security architecture of a digital library must be designed so
that security concerns are handled holistically.
• A security system designer must view the whole architecture and consider all of the
applicable security factors when designing a secure digital library. The nature of a security
attack may differ according to the architecture of the digital library; a distributed digital
library (one that consists of material on separate machines
connected via a network) has more security weaknesses than a centralized digital library.
Security attacks can be categorized as physical attacks and logical attacks (Stallings, 2006).
• A physical attack involves hardware security, where keys, locks, cards, and visitor
monitoring are used. A logical attack involves an attack on the content or digital library
system. We focus on the logical attacks and software security of digital libraries.
I.2 The Digital Library Universe: A Three-tier Framework

• A Digital Library is an evolving organization that comes into
existence through a series of development steps that bring
together all the necessary constituents.
• Figure I.2-1 presents this process and indicates three distinct
notions of ‘systems’ developed along the way forming a three-
tier framework:
1) Digital Library,
2) Digital Library System, and
3) Digital Library Management System.
• These correspond to three different levels of conceptualization
of the universe of Digital Libraries.
Figure I.2-1. DL, DLS and DLMS: A Three-tier Framework
Figure I.3-1. The Digital Library Universe: Main Concepts
• These three system notions are often confused and are used interchangeably in the literature; this terminological
imprecision has produced a plethora of heterogeneous entities and contributes to making the description,
understanding and development of digital library systems difficult. As Figure I.2-1 indicates, all three systems
play a central and distinct role in the Digital Library development process. To clarify their differences and their
individual characteristics, the explicit definitions that follow may help:
• Digital Library (DL)
• An organization, which might be virtual, that comprehensively collects, manages and preserves for the long term
rich digital content, and offers to its user communities specialized functionality on that content, of measurable
quality and according to codified policies.
• Digital Library System (DLS)
• A software system that is based on a defined (possibly distributed) architecture and provides all functionality
required by a particular Digital Library. Users interact with a Digital Library through the corresponding Digital
Library System.
• Digital Library Management System (DLMS)
• A generic software system that provides the appropriate software infrastructure both (i) to produce and administer
a Digital Library System incorporating the suite of functionality considered fundamental for Digital Libraries and
(ii) to integrate additional software offering more refined, specialized or advanced functionality.
• A Digital Library Management System belongs to the class of ‘system software’. As is the case in other
related domains, such as operating systems, databases and user interfaces, DLMS software generation
environments may provide mechanisms to be used as a platform to produce Digital Library Systems. Depending on
the philosophy it follows, a DLMS may belong to one of the following three types:
Security and Privacy in Digital Libraries: Challenges, Opportunities and Prospects
Technological advances have led to a proliferation of digital libraries over the past decade or so.
These offer valuable opportunities for convenient access to information and data, regardless of an
individual’s location.
For librarians though, the transition from physical to digital library collections brings many new challenges,
not least in the areas of security and privacy.
The purpose of this lesson is to examine the nature of these challenges and the opportunities available for
overcoming them, so that libraries can continue to fulfill their important role of providing accurate, secure
and timely information to users, while protecting their privacy and the confidentiality of their personal
information.
This unit addresses in particular the following issues:
1) protecting the information infrastructure;
2) identification and authentication in security and privacy;
3) standards and policies;
4) access and control of digital information;
5) ethical decision-making in design, implementation and evaluation of digital libraries; and
6) privacy, anonymity and identity.
PROTECTING THE INFORMATION INFRASTRUCTURE
• The physical infrastructure on which digital resources are held
is vulnerable to a range of risks including theft, damage and
online attacks from viruses, worms and various forms of
malware (Zimmerman, 2009).
• Hardware and other infrastructure, as well as networks
including wireless networks must be adequately secured to
prevent unauthorized access or attacks on the integrity of the
data held (Al-Suqri & Afzal, 2007).
• Regular data backups are also crucial to insure against data loss,
along with other data preservation processes (Anday et al.,
2012).
PROTECTING THE INFORMATION INFRASTRUCTURE
• Standards and mechanisms for the protection of the information during data transfer are
also very important. As technology changes and improvements in information storage are
made, earlier information resources in print format need to be transferred to
progressively newer technologies over time, as older forms gradually become obsolete.
• The privacy of end users will also be more easily achieved if standards for the protection
of the digital infrastructure are met. Digital information users have access to a wide
range of information and sources through various agencies and there is a need to
establish appropriate standards for the storage and dissemination of this information.
These should allow end users to access digital information subject to the standards of the
source being used and ensure strict adherence to rules and regulations intended to protect
the users’ security and privacy.
• These types of standards are increasing and being adjusted to the proliferation of
information on the Web and the demands of usage.
• As a result, digital information professionals are now required, for example, to identify
Disaster Recovery System (RDRS)

•There are many hidden dangers in a Digital
Library (DL) information system.
•To protect the information resources and the
continuity of information service effectively,
it is necessary to construct a Digital Library
Remote Disaster Recovery System (RDRS).
PROTECTING THE INFORMATION INFRASTRUCTURE
• Information seekers often disregard laws and moral
implications when they choose to pirate or otherwise use
information for illicit purposes based on their own ethical
standards.
• According to Seadle (2004), even “a reasonable fair use in
ethical terms could still be an infringement in strict legal
judgment,” (p.109).
• Hence, there is a need to have a formal enforcement mechanism
in place of the current situation in which peer pressure and
ethical judgment determine whether intellectual property
infringements occur.
PROTECTING THE INFORMATION INFRASTRUCTURE
• Many governments have created protection stipulations in the form of copyrights;
however, one of the major problems that digital librarians grapple with is how to
ensure compliance with the various copyright and licensing laws of different
countries (Posner, 2012). Premchand Mohammed (2011) documented the
difficulties faced by a medium-sized academic library in a multi-campus
Caribbean university when transitioning from print to digital resources.
• Most of the subscriptions for electronic resources were governed by licenses
developed overseas, which did not meet the needs of the university’s patrons, and
the library staff reportedly lacked adequate legal expertise to properly review and
negotiate licensing agreements.
• Difficulties also arise when applying conventional copyright laws to digital
content: in the U.S., for example, e-books are licensed on a contractual basis
rather than sold, and vendors sometimes require consumers to destroy the
material on their computers at the end of the lending period, a requirement
ACCESS AND CONTROL OF DIGITAL INFORMATION
• The more information pumped into a society the more complex are the
regulations needed to protect this information.
• Today, the information superhighway is where information is collected and kept
in databases, retrieval systems, and digital libraries for the use of patrons.
• Access to their content is granted based on the users’ skills and knowledge
(Borgman, 2000).
• Control is given to creators, and government is given ownership as a means to
initiate statutes, laws, and guidelines on the use and distribution of the
information.
• However, technology has made it easier for users to copy and redistribute
materials (Abie, Spilling, & Foyn, 2004), and there is a growing need for digital
librarians to preserve and protect digital content from unauthorized or illegal use
(Kuzma, 2010).
ACCESS AND CONTROL OF DIGITAL INFORMATION
• The digital library as an agency has a key role to play in
ensuring access to digital information as well as controlling it.
• Today, the digital library is a central hub in the world of digital
information, with the responsibility of converting information
from traditional to digital format for preservation purposes and
regulating access to and control over its use.
• Since the act of preservation has always been a primary
function of libraries, concerns are now being raised over
responsibilities for the future preservation of materials in digital
format, now that this function is “slowly shifting to the
publishers” (Urs, 2004, p. 206).
ACCESS AND CONTROL OF DIGITAL INFORMATION
• There is a growing conflict between providers’ concerns about protecting their
information from piracy and the library profession’s concern to make resources
available for “fair use” by the public.
• According to the IFLA’s “Position on copyright in the digital environment”,
digital information resources should not be subject to different copyright laws than
traditional print resources, and the legal concept of fair use of information for
public use should apply.
• It has been argued that digital librarians are well placed to negotiate between
various stakeholders to help protect the rights of the public in securing fair access
to information, while enabling providers to collect appropriate copyright fees
(Posner, 2012; Voutssas, 2012).
• Posner (2010) contends that librarians must take an ethical standpoint in this area
and if necessary, challenge laws that violate the principles of good librarianship.
ACCESS AND CONTROL OF DIGITAL INFORMATION
• Since most people do not have such highly developed
information retrieval skills as digital librarians, there is also a
need for these information professionals to be extra vigilant
when advising individuals on the use of digital information.
• Sometimes digital librarians may be unable to stop an executive
from using information incorrectly, but they should not stand on
the excuse that “they were following orders” and should
certainly voice their objection if information is to be used
unethically.